Storing Cryptocurrency: How Hardware Wallets Work

One of the most common questions new crypto-enthusiasts have is how hardware wallets like the Ledger Nano S can possibly be the most secure way to store cryptocurrency. What if the device gets stolen or destroyed?

In this post, we’ll try to explain how such a device works in a technical (but hopefully human-readable) way, detailing how it does what it does and how it can be this flexible and yet this secure.

Before we dive into explanations, it’s recommended you read this short post about cryptocurrency wallets, so that the terminology used in the rest of the article becomes clear.

BIP

When the blockchain appeared as the technology behind Bitcoin and a group of programmers/scientists wanted to propose a new feature, they had to formalize and present that idea in a way that’s readable and understandable by all participants of the Bitcoin network. Such formal proposals were called Bitcoin Improvement Proposals or BIPs. All BIPs are publicly discussed before being implemented into the blockchain.

This process set up a good foundation for new ideas, and it allowed other blockchains to adopt the good ideas that they liked and discard the ones they didn’t.

This is where things get a little more technical and complex. We promise it’ll be worth it by the end of this post — so please keep reading!

One such good idea was BIP 39. BIP 39 defines how a set of 24 ordinary words is turned into a seed — a big random number from which further keys for crypto wallets are later generated.

Curiosity: if you’re interested in taking a look at the lists of supported words, see here.

BIP 39 also defines a way to secure these 24 words with an additional passphrase that counts as word 25. If no passphrase is selected, an empty one is used, so it’s essentially always 24 words + passphrase (empty or not).

Curiosity: this passphrase differs from passwords you’re used to in various interfaces in that it doesn’t produce an error message if the wrong one is used. Any passphrase in combination with 24 words produces a valid seed, which is useful in plausible deniability scenarios – an extortion-protection mechanism we’ll explain later.

This generated seed number is used to generate a root key — an unguessable combination of letters and numbers — for each cryptocurrency you’re interested in. Every blockchain has its own method of generating the root key from the seed, and in the example of bitcoin that’s BIP 32, which results in a key like this one:

This key is then used to generate several private keys, which then become cryptocurrency wallets for a given blockchain.

Confused?

It all boils down to this: BIP 39 is used to pick a certain combination of words, which may or may not be passphrase-protected, which are then used to generate wallets with a formula such as the one described in BIP 32.
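The chain described above (words plus passphrase to seed, then seed to a Bitcoin root key) can be traced in a few lines of Python. This is an added example, not code from the original post or from any wallet vendor: the function names and the sample mnemonic are made up for illustration, the PBKDF2 and HMAC parameters are the ones the BIP 39 and BIP 32 specifications fix, and word-list and checksum validation are left out.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; BIP 32 rejects master keys outside 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP 39: words + passphrase -> 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds)."""
    # Collapse whitespace and apply NFKD so the same words always hash the same way.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    # The passphrase is part of the salt, so there is no "wrong" passphrase:
    # every value, including the empty one, yields a valid seed.
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP 32: seed -> (master private key, chain code) for Bitcoin."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key; use a different seed")
    return key, chain_code


# Constructed sample mnemonic, for illustration only. Never reuse it for funds.
SAMPLE_WORDS = " ".join(["abandon"] * 23 + ["art"])


def demo() -> dict[str, str]:
    """Derive one master key per passphrase to show they are unrelated wallets."""
    out = {}
    for label, passphrase in (("empty", ""), ("real", "correct horse"), ("decoy", "decoy")):
        key, _chain_code = bip32_master(bip39_seed(SAMPLE_WORDS, passphrase))
        out[label] = key.hex()
    return out


if __name__ == "__main__":
    for label, key_hex in demo().items():
        print(f"{label:>5}: master key {key_hex[:16]}...")
```

Because nothing in the derivation can tell a mistyped passphrase from an intended one, a typo silently opens a different, empty wallet instead of raising an error.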